
openSUSE Leap 15.6: Important Security Update for Node.js 22 Released

June 11, 2025
Important SUSE security bulletin for nodejs22 addresses a remotely triggerable process crash and a memory leak with unbounded memory growth. Act promptly!
An update that solves two vulnerabilities and has two security fixes can now be installed.

Description

This update for nodejs22 fixes the following issues:

Update to version 22.15.1.

Security issues fixed:

* CVE-2025-23166: remotely triggerable process crash due to improper error handling in async cryptographic operations (bsc#1243218).
* CVE-2025-23165: memory leak and unbounded memory growth due to corrupted pointer in `node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args)` when `args[0]` is a string (bsc#1243217).

Other changes and issues fixed:

* Changes from version 22.15.0
  * dns: add TLSA record query and parsing
  * assert: improve partialDeepStrictEqual
  * process: add execve
  * tls: implement tls.getCACertificates()
  * v8: add v8.getCppHeapStatistics() method
* Changes from version 22.14.0
  * fs: allow exclude option in globs to accept glob patterns
  * lib: add typescript support to STDIN eval
  * module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX
  * module: add findPackageJSON util
  * process: add process.ref() and...


## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6

  `zypper in -t patch SUSE-2025-1878=1 openSUSE-SLE-15.6-2025-1878=1`

* Web and Scripting Module 15-SP6

  `zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2025-1878=1`

Package List

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * nodejs22-debuginfo-22.15.1-150600.13.9.1
  * nodejs22-22.15.1-150600.13.9.1
  * npm22-22.15.1-150600.13.9.1
  * nodejs22-devel-22.15.1-150600.13.9.1
  * nodejs22-debugsource-22.15.1-150600.13.9.1
  * corepack22-22.15.1-150600.13.9.1
* openSUSE Leap 15.6 (noarch)
  * nodejs22-docs-22.15.1-150600.13.9.1
* Web and Scripting Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * nodejs22-debuginfo-22.15.1-150600.13.9.1
  * nodejs22-22.15.1-150600.13.9.1
  * npm22-22.15.1-150600.13.9.1
  * nodejs22-devel-22.15.1-150600.13.9.1
  * nodejs22-debugsource-22.15.1-150600.13.9.1
* Web and Scripting Module 15-SP6 (noarch)
  * nodejs22-docs-22.15.1-150600.13.9.1
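
To confirm the patch took effect, the check below compares each installed package build with the fixed build from the package list above. It is an added example, not part of the SUSE advisory: the function names are hypothetical, and the comparison is a simplified numeric one rather than RPM's own version algorithm.

```shell
#!/bin/sh
# Added example (not SUSE tooling); values below come from the package list.
FIXED_EVR="22.15.1-150600.13.9.1"
PACKAGES="nodejs22 npm22 corepack22 nodejs22-devel nodejs22-docs"

# cmp_dotted A B: print lt, eq or gt for dot-separated numeric strings (a
# simplification for this advisory's fields, not RPM's full comparison).
cmp_dotted() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}
        case "$_a" in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case "$_b" in *.*) _b=${_b#*.} ;; *) _b= ;; esac
        _x=${_x:-0}; _y=${_y:-0}          # a missing field counts as 0
        if [ "$_x" -lt "$_y" ]; then echo lt; return 0; fi
        if [ "$_x" -gt "$_y" ]; then echo gt; return 0; fi
    done
    echo eq
}

# is_fixed EVR: status 0 if EVR >= FIXED_EVR, 1 if older, 2 if EVR is not a
# numeric "version-release" string (unparseable input never counts as fixed).
is_fixed() {
    case "$1" in
        *-*-*|*[!0-9.-]*) return 2 ;;   # extra hyphen or non-numeric text
        *-*) ;;                         # exactly one hyphen: accepted
        *) return 2 ;;                  # no release part (also empty input)
    esac
    _r=$(cmp_dotted "${1%%-*}" "${FIXED_EVR%%-*}")
    if [ "$_r" = eq ]; then          # same upstream version: compare release
        _r=$(cmp_dotted "${1#*-}" "${FIXED_EVR#*-}")
    fi
    [ "$_r" != lt ]
}

# audit: check every advisory package that is installed on this host.
audit() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found"; return 0; }
    for _p in $PACKAGES; do
        _evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$_p" 2>/dev/null) || continue
        if is_fixed "$_evr"; then
            echo "OK      $_p $_evr"
        else
            echo "UPDATE  $_p $_evr (fixed in $FIXED_EVR)"
        fi
    done
}

audit
```

Long-running Node.js services keep executing the old binary until they are restarted, so restart them after the packages report OK.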

References

* bsc#1239949

* bsc#1241050

* bsc#1243217

* bsc#1243218

## References:

* https://www.suse.com/security/cve/CVE-2025-23165.html

* https://www.suse.com/security/cve/CVE-2025-23166.html

* https://bugzilla.suse.com/show_bug.cgi?id=1239949

* https://bugzilla.suse.com/show_bug.cgi?id=1241050

* https://bugzilla.suse.com/show_bug.cgi?id=1243217

* https://bugzilla.suse.com/show_bug.cgi?id=1243218

Severity
important

Announcement ID: SUSE-SU-2025:01878-1
Release Date: 2025-06-11T05:41:17Z
Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* Web and Scripting Module 15-SP6
